Secure MAC addresses
Secure MAC addresses are configured or learned in autoLearn mode. Secure MAC addresses
include static, sticky, and dynamic secure MAC addresses.
Aging mode for secure MAC addresses
Secure MAC addresses can be aged out when you use one of the following aging modes:
• Timeout—Secure MAC addresses age out when the aging timer expires. The aging timer
  counts up regardless of whether traffic data has been sent from secure MAC addresses. By
  default, this mode is used.
• Inactivity—Secure MAC addresses age out only when no traffic is detected during the aging
  interval. The device detects whether traffic data has been sent from a secure MAC address
  when the aging timer expires for the secure MAC address. If traffic is detected, the aging timer
  restarts. This feature prevents the unauthorized use of a secure MAC address when the
  authorized user is offline.
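The two aging modes above, modelled as an added example (not code from this guide or from the device vendor). The function names, the 60-second interval and the frame timestamps are constructed, and the half-open check window is a modelling assumption.

```python
from bisect import bisect_right

def age_out_time(learned_at, interval, traffic_times, mode):
    """Return the time (s) at which a secure MAC entry ages out.

    traffic_times: sorted times at which frames from the MAC were seen.
    mode: "timeout" or "inactivity" (names taken from the text above).
    """
    if mode == "timeout":
        # Timer counts up regardless of traffic: one fixed expiry.
        return learned_at + interval
    if mode != "inactivity":
        raise ValueError(f"unknown aging mode: {mode!r}")
    window_start = learned_at
    while True:
        expiry = window_start + interval
        # Modelling assumption: the check at expiry looks at frames seen
        # in the half-open window (window_start, expiry].
        first = bisect_right(traffic_times, window_start)
        last = bisect_right(traffic_times, expiry)
        if first == last:
            return expiry          # no traffic in this interval: age out
        window_start = expiry      # traffic seen: the aging timer restarts

def stale_window(learned_at, interval, traffic_times, mode):
    """Seconds the entry stays installed after the host's last frame.

    A negative value means the entry was removed while the host was
    still sending.
    """
    last_seen = traffic_times[-1] if traffic_times else learned_at
    return age_out_time(learned_at, interval, traffic_times, mode) - last_seen

if __name__ == "__main__":
    # Constructed sample: host learned at t=0, 60 s aging timer,
    # frames at these times, then the host goes offline.
    frames = [10, 70, 130, 150]
    for mode in ("timeout", "inactivity"):
        print(mode, age_out_time(0, 60, frames, mode),
              stale_window(0, 60, frames, mode))
```

Under this model, an entry in inactivity mode is removed between one and two aging intervals after the host's last frame, which is the figure to weigh when choosing the aging timer value.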
Dynamic secure MAC
This feature converts sticky MAC addresses to dynamic and disables saving them to the
configuration file.
When this feature is enabled, you cannot manually configure sticky MAC addresses. All dynamic
MAC addresses are lost at reboot. Use this feature when you want to clear all sticky MAC addresses
after a device reboot.
When this feature is disabled, all dynamic secure MAC addresses on the port are converted to sticky
MAC addresses, and you can manually configure sticky MAC addresses.
Authorization information ignore
A port can be configured to ignore the authorization information received from the server (local or
remote) after an 802.1X or MAC authentication user passes authentication.
Max users
This function specifies the maximum number of secure MAC addresses that port security allows on a
port. The maximum number is configured for the following purposes:
• Control the number of concurrent users on the port.
  For a port operating in a security mode (except for autoLearn and secure), the upper limit
  equals the smaller of the following values:
  ○ The limit of the secure MAC addresses that port security allows.
  ○ The limit of concurrent users allowed by the authentication mode in use.
• Control the number of secure MAC addresses on the port in autoLearn mode.
Portal
Portal authentication controls user access to networks. Portal authenticates a user by the username
and password the user enters on a portal authentication page. Therefore, portal authentication is
also known as Web authentication.
Portal authentication flexibly imposes access control on the access layer and vital data entries. It has
the following advantages:
• Allows users to perform authentication through a Web browser without installing client software.
• Provides ISPs with diversified management choices and extended functions. For example, the
  ISPs can place advertisements, provide community services, and publish information on the
  authentication page.